Solved: Want to add color to table fields

Ashish0405 · ‎05-26-2025

Hi Team,

I have added Red & Green color to Status column, I want to add the same to severity column as well.

Can some one suggest me some commands

I have used below commands to add color to status field.

<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
<format type="color" field="Status">
<colorPalette type="map">{"failed":#D93F3C,"finished":#31A35F,"Critical":#D93F3C,"Informational":#31A35F}</colorPalette>
</format>

kiran_panchavat · ‎05-26-2025

@Ashish0405

<dashboard version="1.1">
<label>Status &amp; Severity Coloring</label>
<row>
<panel>
<title>Test Status and Severity</title>
<table>
<search>
<query>
<![CDATA[
| makeresults count=4
| streamstats count as id
| eval Status=case(id==1, "failed", id==2, "finished", id==3, "finished", 1==1, "failed")
| eval Severity=case(id==1, "Critical", id==2, "Informational", id==3, "Critical", 1==1, "Informational")
]]>
</query>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
<format type="color" field="Status">
<colorPalette type="map">{&quot;failed&quot;:&quot;#D93F3C&quot;,&quot;finished&quot;:&quot;#31A35F&quot;}</colorPalette>
</format>
<format type="color" field="Severity">
<colorPalette type="map">{&quot;Critical&quot;:&quot;#D93F3C&quot;,&quot;Informational&quot;:&quot;#31A35F&quot;}</colorPalette>
</format>
</table>
</panel>
</row>
</dashboard>

Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!

View solution in original post

Ashish0405 · ‎06-01-2025

Thank you that's worked

gcusello · ‎06-01-2025

Hi @Ashish0405 ,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the contributors 😉

livehybrid · ‎05-26-2025

Hi @Ashish0405

Just add another <format> under the existing one such as:

        <format type="color" field="Severity">
          <colorPalette type="map">{"Critical":#D93F3C,"Informational":#31A35F}</colorPalette>
        </format>

Full example:

<dashboard version="1.1">
  <label>Demo</label>
  <row>
    <panel>
      <table>
        <search>
          <query>|makeresults | eval Status="failed", Severity="Critical"
| append [makeresults | eval Status="finished", Severity="Informational"]</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
        <format type="color" field="Status">
          <colorPalette type="map">{"failed":#D93F3C,"finished":#31A35F,"Critical":#D93F3C,"Informational":#31A35F}</colorPalette>
        </format>
        <format type="color" field="Severity">
          <colorPalette type="map">{"Critical":#D93F3C,"Informational":#31A35F}</colorPalette>
        </format>
      </table>
    </panel>
  </row>
</dashboard>

🌟 Did this answer help you? If so, please consider:

Adding karma to show it was useful
Marking it as the solution if it resolved your issue
Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

Edit - Sorry just seen the other replies which I hadnt noticed before, not meaning to step on others toes!

kiran_panchavat · ‎05-26-2025

@Ashish0405

<dashboard version="1.1">
<label>Status &amp; Severity Coloring</label>
<row>
<panel>
<title>Test Status and Severity</title>
<table>
<search>
<query>
<![CDATA[
| makeresults count=4
| streamstats count as id
| eval Status=case(id==1, "failed", id==2, "finished", id==3, "finished", 1==1, "failed")
| eval Severity=case(id==1, "Critical", id==2, "Informational", id==3, "Critical", 1==1, "Informational")
]]>
</query>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
<format type="color" field="Status">
<colorPalette type="map">{&quot;failed&quot;:&quot;#D93F3C&quot;,&quot;finished&quot;:&quot;#31A35F&quot;}</colorPalette>
</format>
<format type="color" field="Severity">
<colorPalette type="map">{&quot;Critical&quot;:&quot;#D93F3C&quot;,&quot;Informational&quot;:&quot;#31A35F&quot;}</colorPalette>
</format>
</table>
</panel>
</row>
</dashboard>

Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!

Ashish0405 · ‎06-01-2025

Thank you, that's worked

gcusello · ‎05-26-2025

Hi @Ashish0405 ,

you have to follow the same process.

or copy the option

<format type="color" field="Severity">
     <colorPalette type="map"> 
 {"failed":#D93F3C,"finished":#31A35F,"Critical":#D93F3C,"Informational":#31A35F}</colorPalette>
</format>

obviously changing the values of the Severity field.

Ciao.

Giuseppe

Want to add color to table fields

chart

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

Are you a member of the Splunk Community?

Want to add color to table fields

chart

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?